System and Method for Providing Customers with Seamless Entry to a Remote Server



FIELD OF INVENTION 

The present invention relates to a method that provides customers of a host 
service provider with a seamless experience, allowing them to access remote network 
services, which typically require their own username, password, and session management 
application, via a single login to the host service provider.

BACKGROUND OF THE INVENTION

A networked service provider may want to provide its customers with access to 
services that are not provided directly by its server. Therefore, the service provider may 
have to redirect its customer to another remote server capable of providing the service. 

For example, an Internet banking site may wish to provide its customers with a 
full range of banking services, e.g., opening and maintaining a checking account, 
applying for a credit card or loan, paying bills, or accessing brokerage or financial 
planning services. Each of these Internet banking services may be provided by an 
independent server that requires the user to enter a unique username (or ID) and 
password. Therefore, when a customer wishes to utilize a banking service that is 
provided by a remote server, after the Internet banking host server redirects the customer 
to the remote service provider, the customer must enter a new ID and password specific 
to that service. Given the broad range of services that an Internet bank may wish to 
provide, this places the burden of remembering and entering multiple usernames and 
passwords on the Internet banking customer. This is a significant drawback to the 
customer. This is also a significant drawback to the Internet banking host because
customer dissatisfaction may result in lost accounts. 

Furthermore, if the customer returns to the host provider after accessing a remote 
service provider, and then desires to return to the remote service provider, the customer 
must re-enter the same username and password for that service. For example, in the 
Internet banking context, if a customer decides to access his or her checking account, 
then utilize brokerage services, and then desires to return to his or her checking account, 
the customer must enter his or her unique username and password for the checking 
account service twice. This is a significant drawback. 

In addition, a host service provider may wish to change the remote service 
providers that customers can access through its server. In the Internet banking context, 
for example, a host Internet bank may utilize a particular remote service to provide its
customers with checking account services. For whatever reason, the host Internet bank 
may later wish to change the remote checking account service provider. This would 
require the Internet banking customer to create and remember a new username and 
password for the new remote service. Again, the burden of remembering an even greater 
number of IDs and passwords falls on the customer and the risk of losing those 
customers is borne by the host Internet bank. This is another significant drawback. 

Other drawbacks to conventional approaches exist.

SUMMARY OF THE INVENTION

An object of the present invention is to overcome these and other drawbacks in 
existing systems and methods.

Another object of the present invention is to provide a specific time limit which a
user can spend logged into the system. 

Another object of the invention is to monitor the state of a user to determine 
whether the user is logged in or not. 

Another object of the invention is to provide customers of a host service provider 
with a seamless experience enabling them to gain access to one or more remote services
by entering a single username and password required by the host service provider. 

Another object of the invention is to enable customers of a host service provider 
to regain access to a remote service provider, after having exited that remote server, 
without having to reenter the username and password required by that remote service 
provider. 

Another object of the invention is to enable a host service provider to replace or 
add the remote services that a customer can access through the host service provider 
without placing the additional burden on customers to transpose a new username and 
password. 

These and other objects of the invention are accomplished according to various 
embodiments of the invention. The present invention provides a seamless entry system 
that comprises a universal session manager. Users may connect to the host service 
provider with a unique username and password. Then, through a series of data 
exchanges, or handshakes, between the universal session manager, a validation database, 
and the remote service module, the customer may be transparently logged into remote 
service providers.

In one embodiment, the present invention may comprise a method providing
customers of a host service provider with access to remote service providers which 
require their own unique user IDs and passwords. Internet banking customers, for 
example, may utilize a browser system to connect to a host server providing a range of 
banking services. These services may include on-line bill paying, instant credit card 
applications, loan applications, or checking account services. Each service may be 
supported by a remote or distinct server. 

According to the method, the customer first enters a username and password to 
gain access to the host service provider. During the connection to the host service 
provider, a validation module validates the customer's username and primary password. 
If the combination is valid, the validation module transmits data to the universal session 
manager of the host service provider indicating which services the customer is enrolled 
in and the unique username and password that have been generated for each remote 
service in which the customer is enrolled. The customer is then free to select one of 
these services, which may be provided by a remote service provider. If an Internet 
banking customer, for example, chooses to complete a loan application and this service is 
provided by a remote server requiring its own user ID and password, the universal 
session manager then passes the required user ID and password to the remote server's 
login module. 

After the remote service provider receives the data required for login, the remote 
server transmits to the universal session manager the status of the login attempt. If the 
login is successful, the user is thus able to utilize the remote services with his/her web 
browser system without having entered a username or password particular to the remote
service. 

In another embodiment, the present invention may comprise a method for 
providing customers of a host service provider with access to remote service providers 
which require their own unique user IDs and passwords and have other special access 
requirements. For example, an Internet banking customer may utilize a browser system 
to connect to a host server providing a range of banking services with special access 
requirements. These secure services may include brokerage services. If after entering a 
valid username and password to the host service provider the customer chooses to utilize 
a remote brokerage service provider with special access requirements, a trusted server 
will act as an intermediary between the universal session manager of the host service 
provider and the remote brokerage system, for example. The trusted server will answer 
the login request of the banking site's universal session manager with a session ID 
extracted from a cookie placed on the user's browser by the trusted server. When the 
universal session manager receives the session ID, the customer may be redirected to the 
remote brokerage site. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 depicts a schematic diagram of a system according to an embodiment of 
the present invention. 

Figures 2A and 2B depict a flow diagram illustrating a method according to an
embodiment of the present invention.

Figs. 3A and 3B depict an exemplary graphical user interface according to an
embodiment of the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

For purposes of illustration, a system and method according to an embodiment of 
the present invention are described below. That system is described as being part of an 
Internet based system that enables customers of an Internet banking system to access 
remote Internet banking services, which may require a unique username and password, 
having only entered a single username and password required by the host Internet 
banking system. The invention is described in terms of an Internet based bank providing 
a multitude of financial services, some of which are provided by remote providers. 
However, this embodiment is exemplary only. The invention finds application in any 
scenario involving a host site that includes links to distinct remote sites with their own 
separate login procedures. It should also be appreciated that the present invention could 
be implemented through a variety of networked environments, such as the telephone 
network, a satellite connection network, or any other system that provides information to 
a user in networked fashion. 

For purposes of clarity and simplicity, the invention is described in terms of the 
existing Internet. The skilled artisan will recognize that the invention could be 
implemented in variations thereto, such as the so-called Internet Protocol Next 
Generation (IPng) or any other variations of networked packet-switched technology. 

An embodiment of a system for implementing the methods disclosed below is 
depicted in Fig. 1. It should be understood that other embodiments for carrying out the
present invention may also be provided. In the exemplary embodiment of Figure 1, a 
plurality of users or customers 20 may be connected using networking technology 10 to a
host service provider 50. In this embodiment, the customers 20 may connect to a host 
service provider 50 that is an Internet banking service site over the Internet 10, although 
the network may comprise a cable network, a LAN, a WAN, an intranet, the Supernet, or 
any other network that allows transmission of information. 

Host service provider 50 may comprise a plurality of modules that function to 
perform the functions described above in addition to other functions set forth below. 
Although separate modules are described for performing these functions, it should be 
understood that additional modules may also be provided and that modules may be 
combined. 

According to an embodiment of the invention, host service provider 50 may 
comprise a universal session manager 52 and a validation database 60. The universal 
session manager 52 may communicate with one or more databases 60 in communication 
with the host service provider 50. The database(s) 60 may store information required for 
login to remote sites or registration for the services those sites provide. 

According to an embodiment, the remote service provider may comprise a 
registration module 32 and a login module 34. 

A registration module 32 may receive data from the universal session manager 52 
necessary for customer 20 registration with the remote service provider 30. 

A login module 34 may communicate with the universal session manager to 
receive the information required for access to the remote service provider, e.g., username 
and password. The login module 34 may also reply to the universal session manager 52 
indicating the status of the login request.

The system may also comprise a trusted service module 70 and a trusted service
provider 80. The trusted service module 70 acts as an intermediary between the universal 
session manager 52 and the trusted service provider 80. The trusted service provider 80 
is a remote service with special access requirements in addition to a unique username and 
password. 

Referring now to the method depicted by Figures 2A and 2B, in step 125 the
customer 20 employs a browser 22 to contact a host internet banking service provider 50. 
In step 150, a customer transmits a personal username and password to the universal 
session manager 52 of the host service provider 50. The host service provider 50 may 
comprise a server system connected over the World Wide Web or Internet 10 to provide 
web-pages upon request from one or more users utilizing a web browser 22. 
Accordingly, step 150 may comprise a customer using a browser 22 to connect over the 
Internet 10 to a web-site that provides Internet banking services, for example. Existing
browser/server technology may be used to transmit the username and password to
the host service provider 50.

In response to the customer's transmitting a username and password to the 
universal session manager 52, in step 150, the universal session manager 52 of the host 
service provider 50 transmits the username and an encrypted version of the password to 
the validation database 60, as in step 200. In step 250, the validation module checks to 
make sure that the user has entered a valid username/password combination. If the 
username is not recognized by the validation module, as in step 325, or if the username 
and password do not match, as in step 350, the user will be asked to re-enter his or her 
username and password, as in step 150. The customer 20 of the Internet banking system 
50 of Figure 1 may be allowed three attempts to enter a correct username/password
combination. Once the customer 20 has entered a valid login 300, the database 60 will
return to the universal session manager 52 the information necessary for the transparent 
login to the remote service 30, as in step 400. As previously described, the information 
may comprise the type of the Internet banking services in which the customer 20 is 
enrolled and/or the user ID particular to that user and required by a remote banking 
service web site. The information may also include identifying information necessary 
e-mail. Additionally, the information may include data necessary for profiling a dynamic 
application form related to user-selected products and services. 

In step 450, the customer may select a link to one of the remote services 30 
provided through the host service provider 50. In the present embodiment, for an 
Internet based banking system, these services may include checking account 
maintenance, credit card and loan applications services, electronic bill paying, and 
brokerage services. These services may also include Internet search engines, other web 
sites that offer membership services, e-mail services, or campaign advertising. 

In step 500, the universal session manager 52 checks the validation database 60 
return data to see if the customer has enrolled in the service. If the customer is enrolled
in the selected service, the present embodiment initiates the triple handshake protocol 
600. In the first step 625 of the triple handshake protocol 600, the universal session 
manager 52 may send the required customer username and password to the login module 
34 of the remote service provider. This may comprise the universal session manager 52 
of an Internet banking service provider 50 sending redirects to remote service web sites 
30, which may include on-line checking, on-line brokerage, on-line credit card
application or online bill paying sites. 

In the second step 650 of the triple handshake protocol 600, the login module 34 
of the remote service module 30 sends the universal session manager 52 a reply 
indicating the status of the login request. The status may indicate that the login attempt 
to the remote service provider 30 was successful 725, that the login attempt failed 675, or 
that the customer has never registered for the service before, i.e., is unknown 700. This 
step may comprise the login module 34 sending redirects over the Internet 10 to the 
universal session manager 52 of the host Internet banking provider's web site 50. 

In the final step of the triple handshake protocol 750, the universal session 
manager 52 directs the customer to the remote service provider 30. In the present 
embodiment, this may comprise the universal session manager 52 of an Internet banking 
web site 50 redirecting the customer to the selected remote services' web site 30. 

The information may be displayed to the customer as depicted in Figure 3. The 
Internet banking host service provider may have control of the outer frame and the top 
navigational bar. The various services' web pages will be hosted in the main bottom 
panel and may contain a left-hand navigation bar for local remote service navigation. 

In step 500, if the universal session manager 52 determines that the customer is 
not registered for the selected service the universal session manager 52 will transparently 
register the customer for that service. Transparent registration may require that the 
universal session manager 52 contact the validation database 60 to retrieve the 
information necessary for registration, as in step 525. This may include providing a 
unique username and password designated for use only with the selected service. Then 
the universal session manager 52 sends data to the registration module 32 of the remote
service provider's web site, as in step 550. The remote service 30 then confirms the 
customer's registration, as in step 575. Then, the universal session manager 52 initiates 
the triple handshake protocol 600. In the present embodiment, transparent registration 
may be accomplished by a series of redirects between the universal session manager 52, 
the validation database 60, and the registration module 32 of the remote service provider 
30. 
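
The enrollment check, transparent registration and triple handshake of steps 500 to 750, sketched in Python as an added example; it is not code from the patent. The class and method names, the credential format, the example redirect URL, and the choice to re-register once when the remote answers "unknown" are assumptions made for illustration.

```python
import hmac
import secrets
from enum import Enum


class LoginStatus(Enum):
    SUCCESS = "successful"   # status 725 in the description
    FAILED = "failed"        # status 675
    UNKNOWN = "unknown"      # status 700: customer never registered


class RemoteService:
    """Stand-in for remote service provider 30 (registration 32, login 34)."""

    def __init__(self, name):
        self.name = name
        self._accounts = {}  # service username -> service password

    def register(self, service_user, service_password):   # steps 550 and 575
        self._accounts[service_user] = service_password
        return True

    def login(self, service_user, service_password):      # steps 625 and 650
        stored = self._accounts.get(service_user)
        if stored is None:
            return LoginStatus.UNKNOWN
        ok = hmac.compare_digest(stored.encode(), service_password.encode())
        return LoginStatus.SUCCESS if ok else LoginStatus.FAILED


class UniversalSessionManager:
    """Stand-in for universal session manager 52 and validation database 60."""

    def __init__(self):
        self._enrollments = {}  # (customer, service name) -> (user, password)

    def _issue_credentials(self, customer, service):      # step 525
        # Assumed format: a per-service username and a random password that
        # the customer never sees or types.
        creds = (f"{customer}@{service.name}", secrets.token_urlsafe(24))
        self._enrollments[(customer, service.name)] = creds
        return creds

    def open_service(self, customer, service):
        """Return (status, redirect_target); a target is set only on SUCCESS."""
        creds = self._enrollments.get((customer, service.name))  # step 500
        if creds is None:
            creds = self._issue_credentials(customer, service)
            service.register(*creds)
        status = service.login(*creds)                     # step 625, reply 650
        if status is LoginStatus.UNKNOWN:
            # Assumption: host and remote disagree about enrollment, so
            # register once and retry the handshake.
            service.register(*creds)
            status = service.login(*creds)
        if status is not LoginStatus.SUCCESS:
            return status, None      # fail closed: step 750 is never reached
        return status, f"https://{service.name}.example/home"    # step 750
```

The host holds one generated credential per customer and service, so replacing a remote provider only means issuing a new entry in `_enrollments`; the customer's single host login is unchanged.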

In another embodiment of the present invention, the customer may choose an 
Internet banking service, e.g., a brokerage service, that has special access requirements in 
addition to a unique username and password. If the customer is enrolled in the selected 
service, the present embodiment initiates trusted server dedicated line redirection. 

In step 800, the trusted service module 70 makes a direct call to the trusted 
service provider 80. This may comprise a trusted brokerage server 70 established by an 
Internet banking service 50 providing a secure brokerage service 80 with the login 
redirects over a dedicated line. 

In step 825, the trusted service provider 80 responds to the trusted service module 
70 in the form of an html response with a session ID associated with it. This may 
comprise a brokerage system 80 responding to a trusted brokerage server 70 in html form 
over a dedicated line. 

The trusted service module 70 will send this "cookie" to the user's network data 
acquisition module 22, after reading the Session "cookie" and extracting sessionID. This
may comprise a trusted brokerage server 70 placing this "cookie" on the customer's 
Internet browser 22.

The trusted service module 70 next answers the universal session manager 52
with the status of the login attempt and the sessionID extracted from the cookie. Once 
the universal session manager 52 receives this data, if the login attempt was successful, 
the customer will be directed to the trusted service provider 80, as in step 750. This may 
comprise the universal session manager 52 of an Internet banking service provider 30
receiving data from a trusted brokerage server 70 and then redirecting the Internet 
banking customer 20 to a brokerage service provider 80. 

During a session, if a customer 20 remains logged in, but no activity occurs, the 
universal session manager 52 performs a data security function by causing customer 20 
to automatically logout. In a preferred embodiment, this timeout occurs after about thirty 
minutes of inactivity. 

Figs. 3A and 3B provide an exemplary graphical user interface. Fig. 3A 
illustrates a screen that may be provided when a user 20 initially attempts to access host 
server 50. The user 20 is prompted to enter a user name and password, or alternatively to 
create a new user name and password to be granted seamless access to pertinent 
applications. 

If the user 20 elects to create a new user name and password, access is granted 
upon the user's submission of data requested in Fig. 3B. 

Additional advantages and modifications will readily occur to those skilled in the 
art. Therefore, the invention in its broader aspects is not limited to the specific details in 
representative devices shown and described herein. Accordingly, various modifications 
may be made without departing from the spirit and scope of the general inventive 
concept as defined by the appended claims. 